Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          SrDBNrVgm0ijkHYveexbF8pZ5D/GsCyA0IQdcucnXVc=
Subject key identifier:   42:2F:1F:2C:F7:0B:AB:30:85:66:FF:72:A3:39:6C:17:A3:4D:BF:17
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       6FD9E6F94DBBFDB5BFB6043B05B89E7CDEED35F2
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS137409.roa
Signing time:             Thu 03 Jul 2025 15:52:23 +0000
ROA not before:           Thu 03 Jul 2025 15:47:23 +0000
ROA not after:            Thu 02 Jul 2026 15:52:23 +0000
asID:                     137409
IP address blocks:        103.214.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:d9:e6:f9:4d:bb:fd:b5:bf:b6:04:3b:05:b8:9e:7c:de:ed:35:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:23 2025 GMT
            Not After : Jul  2 15:52:23 2026 GMT
        Subject: CN=422F1F2CF70BAB308566FF72A3396C17A34DBF17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:6a:51:74:a8:96:a6:8a:01:04:0a:22:7d:b3:
                    02:58:83:81:fa:fc:ba:5c:a2:58:f1:97:b6:ee:c0:
                    cd:d3:89:e4:59:66:0c:c7:a9:e5:ed:42:2b:0c:74:
                    7d:f9:c4:52:3d:10:a6:e4:12:eb:13:4f:d0:61:e6:
                    8a:20:9b:c2:c6:04:19:fb:37:60:2d:d5:83:6b:22:
                    b2:03:16:a8:4e:6b:49:9d:62:3c:e1:76:06:be:e2:
                    b7:55:a9:cc:74:2c:4f:94:50:8f:d7:27:62:24:b2:
                    50:bf:43:11:a8:ca:6d:37:f8:61:bd:4a:93:19:6c:
                    9c:2b:0a:bf:b1:20:e0:d3:83:16:64:47:bc:f6:67:
                    27:21:52:e4:75:06:59:1e:16:cf:67:f5:41:9d:fd:
                    0a:5d:89:9b:57:c9:dc:dd:77:52:64:3a:fb:9e:02:
                    bf:d1:53:2e:1a:1d:1b:c5:42:d2:4d:4e:04:68:f7:
                    c4:f2:1b:a6:31:a4:3e:5d:2d:17:2d:fe:e5:c0:51:
                    f5:67:aa:73:a6:6c:06:d4:76:78:7b:43:44:a4:35:
                    d7:57:5d:f0:fd:65:59:12:3a:50:25:0f:8b:a6:7c:
                    7a:cb:b3:7b:d1:e3:10:1f:1d:32:fa:df:f7:d0:38:
                    2e:ee:76:57:d1:c5:2c:f1:e2:4b:e3:83:38:27:83:
                    5a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:2F:1F:2C:F7:0B:AB:30:85:66:FF:72:A3:39:6C:17:A3:4D:BF:17
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:cd:68:00:f4:1b:e5:17:73:f3:d8:83:f4:09:18:6b:f9:74:
         09:b0:80:a4:07:47:c5:e3:ce:4f:7f:40:8e:90:cf:a4:ca:5b:
         c9:19:24:83:96:ff:0e:b1:7e:95:5f:22:88:f1:d9:ec:2d:90:
         8d:4b:44:58:16:70:95:8e:27:a5:de:d0:ba:60:bc:45:3c:22:
         da:cd:c5:6b:8c:cd:40:2c:cf:84:d6:b7:6b:81:15:f7:d1:24:
         57:db:df:86:2e:2f:6a:63:78:1b:ff:4f:24:42:cf:e6:43:2b:
         e3:ef:a4:b7:40:a9:69:1b:35:65:5d:15:37:64:44:24:36:84:
         4b:0f:aa:0a:61:3e:2e:32:69:7e:87:86:dc:04:04:1e:e1:1a:
         a7:4d:56:c4:39:d0:6b:c0:5d:43:ce:ca:fa:74:46:55:f6:46:
         5f:99:ef:64:7e:00:d5:34:dd:02:d1:13:d0:de:94:52:c8:17:
         ee:f4:2d:55:ed:ac:d2:29:6c:8c:90:79:14:d8:4a:30:c4:d6:
         5f:2a:c9:a4:1a:06:26:f3:0c:04:2b:b2:d5:51:ff:00:6a:e9:
         58:ba:06:16:fb:b3:b3:a7:ed:62:24:48:14:bc:7a:84:62:c6:
         96:04:bc:ad:da:73:e8:59:ef:62:08:9a:6c:6e:ec:ed:64:b1:
         ec:24:a0:7a
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUb9nm+U27/bW/tgQ7BbiefN7tNfIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MjNaFw0yNjA3MDIxNTUyMjNaMDMxMTAvBgNV
BAMTKDQyMkYxRjJDRjcwQkFCMzA4NTY2RkY3MkEzMzk2QzE3QTM0REJGMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbalF0qJamigEECiJ9swJYg4H6
/Lpcoljxl7buwM3TieRZZgzHqeXtQisMdH35xFI9EKbkEusTT9Bh5oogm8LGBBn7
N2At1YNrIrIDFqhOa0mdYjzhdga+4rdVqcx0LE+UUI/XJ2IkslC/QxGoym03+GG9
SpMZbJwrCr+xIODTgxZkR7z2ZychUuR1BlkeFs9n9UGd/QpdiZtXydzdd1JkOvue
Ar/RUy4aHRvFQtJNTgRo98TyG6YxpD5dLRct/uXAUfVnqnOmbAbUdnh7Q0SkNddX
XfD9ZVkSOlAlD4umfHrLs3vR4xAfHTL63/fQOC7udlfRxSzx4kvjgzgng1rVAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUQi8fLPcLqzCFZv9yozlsF6NNvxcwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTM3NDA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ9ZEMA0GCSqGSIb3DQEBCwUAA4IBAQCNzWgA9Bvl
F3Pz2IP0CRhr+XQJsICkB0fF485Pf0COkM+kylvJGSSDlv8OsX6VXyKI8dnsLZCN
S0RYFnCVjiel3tC6YLxFPCLazcVrjM1ALM+E1rdrgRX30SRX29+GLi9qY3gb/08k
Qs/mQyvj76S3QKlpGzVlXRU3ZEQkNoRLD6oKYT4uMml+h4bcBAQe4RqnTVbEOdBr
wF1Dzsr6dEZV9kZfme9kfgDVNN0C0RPQ3pRSyBfu9C1V7azSKWyMkHkU2EowxNZf
KsmkGgYm8wwEK7LVUf8AaulYugYW+7Ozp+1iJEgUvHqEYsaWBLyt2nPoWe9iCJps
buztZLHsJKB6
-----END CERTIFICATE-----